servnest
/
docs
1
0
Fork 0
Code Issues Pull Requests Releases Activity
docs/front/full-howto.en.md

3.9 KiB
Raw Blame History

Use ServNest

Introduction

This document describes the steps for the combined use of each service of a ServNest installation.

In short, it consists of:

  1. on the Authentication service: creating an account
  2. on the Registry service: registering a domain name in one of the available suffixes
  3. on the Name servers service: configuring a DNS zone for this domain
  4. on the Web service: uploading files using SFTP and making them accessible through the Web with the domain previously registered and configured

Prerequisites

  • the address of an existing ServNest installation (see the list on the homepage)
  • a way to communicate with the chosen installation administrator, to get the account approved
  • a web browser (for example LibreWolf, Tor Browser or Firefox)
  • an SFTP client (for example Dolphin on KDE, GNOME Files or FileZilla)
  • files to be served on the site (typically in HTML format)

Step 1: account creation

Create an account and get it approved

  1. From the chosen ServNest installation home page, go to the Authentication service, then use the page Create account
  2. Ask your installation administrator an approval key, according to the instructions on the link About this installation on the installation home page, and wait for their answer
  3. Use the answered key on the Switch to an approved account page

Step 2: domain registration

Choose a domain name

  1. Go to the Registry service
  2. Register domain

Step 3: the DNS zone

Step 3.1: DNS zone creation

Authenticate the DNS zone creation by creating a specific DNS record in the parent zone (the registry), then actually create the zone

  1. On the Name servers > Add zone page, copy the required NS record value (Don't submit the form yet)
  2. Paste the value in Registry > NS records and submit
  3. Submit the form on Name servers > Add zone
  4. Paste the value in Registry > NS records again, but this time select the Delete action, then submit

Step 3.2: delegation to the DNS zone

Tell the registry to delegate the domain name resolution to the servers on which we just created the zone

For each domain name listed in the Name servers section on the home page of the Name servers service:

  1. Copy-paste this domain name in Registry > DNS records then submit

Optional step 3.3: DNSSEC activation

Tell the registry the public key of the DNS zone in order to enable the DNSSEC trust delegation and thus the DNS zone records authentication

  1. On Name servers > Display zone, select DS records then submit
  2. Transmit the display values to Registry > DS records

Step 4: the website

Step 4.1: SFTP upload

  1. Transmit the values displayed on the Web service home page to the SFTP client
  2. If the SFTP asks to confirm the server's public key fingerprint, check that it matches one of the values display on the web page. If none of the values match, cancel the connection, then check the settings, change Internet connection or contact the administrator. (Connecting to an SFTP server without verifying it's authenticity can allow an attacker to takeover your account.)
  3. The SFTP space is empty by default. Create a directory named without spaces, accents or special characters (for example site)
  4. Copy-paste the site files inside this new directory

Step 4.2: HTTP access creation

  1. In Name servers > Synchronized records, add an entry with the domain displayed on Web > Dedicated domain with Let's Encrypt certificate access as the Source domain
  2. In Name servers > TXT records, add for the Subdomain _auth the value displayed on Web > Dedicated domain with Let's Encrypt certificate access
  3. Submit the form Dedicated domain with Let's Encrypt certificate access

Conclusion

Accessing https://domain.example/file displays the file /site/file from the SFTP space.